Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-38517
HistoryJul 09, 2024 - 12:00 a.m.

CVE-2024-38517

2024-07-0900:00:00
ubuntu.com
ubuntu.com
13
tencent rapidjson
integer underflow
privilege escalation
json parsing
crafted file
elevation of privilege
unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

Tencent RapidJSON is vulnerable to privilege escalation due to an integer
underflow in the GenericReader::ParseNumber() function of
include/rapidjson/reader.h when parsing JSON text from a stream. An
attacker needs to send the victim a crafted file which needs to be opened;
this triggers the integer underflow vulnerability (when the file is
parsed), leading to elevation of privilege.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low